In October 2015, merchants will be liable for fraud on card-present transactions if the customer presents a chip card and the merchant doesn't have the proper system (EMV) in place to accept it. This means credit card merchants who don't make the switch to EMV technology may have to pay chargeback fees on any fraudulent transactions that occur.
While EMV technology is extremely important, there is much business owners can do to protect card holder data and minimize fraud before they have EMV technology in place.
Card Present Transactions
Confirm the last four digits on the card match the four digits on the terminal
Before completing the transaction, verify that the last four numbers showing on the terminal actually match the last four numbers on the front of the credit card. As a consumer, you may have made a purchase where the clerk asks for the card after you swipe it. They are doing this to visually confirm the last four digits match. It's a simple yet effective way to minimize credit card fraud in your business. Once EMV technology is implemented, this process becomes automated. But while your business is still running magnetic stripes, this step is important.
Confirm the customer is the cardholder
This is as simple as matching the signature on the sales receipt (or signature display) to the signature on the back of the card. If there is no signature on the back of the card, request to see a driver's license or other form of ID containing a photo and signature.
Card Not Present Transactions
Destroy card holder data in a secure manner
If you take orders over the phone or have to write down or record card holder data for some reason, it's essential that you destroy it securely and promptly after use. A cross-cut shredder is advised. Be aware that, according to the PCI Compliance guidelines, you are not supposed to save or store card holder data in a non-secure environment.
Avoid sending or requesting card holder data through non-secure systems
Never request card holder data via email, and never send card holder data via email. Never set up non-secure online forms to collect card holder data.
Do not set up non-secure online forms to collect card holder data
Online forms on websites that are not secured with the proper SSL certificates and form encryption technology are dangerous and vulnerable. They are not secure and they are not PCI Compliant. Do not use them.
Do not store electronic card holder data locally
Cardholder data must be stored only on a server dedicated to processing credit card transactions, protected by a dedicated firewall, and subjected to quarterly security scans. You should not store cardholder data on a web server, laptop, tablet, PDA, or on portable media such as a USB drive. All are highly vulnerable to security breaches and they are not PCI Compliant.
Concerned About Card Holder Data Security?
You should be!
Working with a company like Novera Payment Solutions can help ensure you are meeting all PCI compliance requirements and conforming to industry best practices, ensuring your business (and your customers' card holder data) is protected. Combined with our innovative flat fee merchant account pricing model, Novera Payment Solutions not only ensures your business's payment security, but also saves your business a significant amount of money in credit card processing fees.